Maybe Israel doesn’t need to bomb anything:
Computerworld – Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.
Experts from Iran’s Atomic Energy Organization also reportedly met this week to discuss how to remove the malware.
Stuxnet, considered by many security researchers to be the most sophisticated malware ever, was first spotted in mid-June by VirusBlokAda, a little-known security firm based in Belarus. A month later Microsoft acknowledged that the worm targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies.
Those control systems, called SCADA, for “supervisory control and data acquisition,” operate everything from power plants and factory machinery to oil pipelines and military installations.
According to researchers with U.S.-based antivirus vendor Symantec, Iran was hardest hit by Stuxnet. Nearly 60% of all infected PCs in the earliest-known infection were located in that country.
Since then, experts have amassed evidence that Stuxnet has been attacking SCADA systems since at least January 2010. Meanwhile, others have speculated that Stuxnet was created by a state-sponsored team of programmers, and designed to cripple Iran’s Bushehr nuclear reactor.
No need to stop with nuclear installations. It might be an exaggeration to say that a cyber-attack could propel a country back into the stone age, but it could give it a good start. Almost all modern industrial systems use programmable logic controllers (PLCs), minicomputers which collect input from data collection devices and operate the relays, solenoids, valves, etc. which control the system.
These PLCs are often connected to PCs running common operating systems like Windows and forms of Unix, which provide the user-interface and programming capability. The Stuxnet worm not only compromises the PC, but inserts its own code into the PLC itself. Then it renders this added code undetectable by normal procedures.
Can you imagine turbines spinning out of control and flying apart? Pipelines exploding from excess pressure? Nationwide electrical blackouts? Dams overflowing? Satellites commanded to change their orbits? Even military missiles launching themselves or self-destructing in their silos? All this and more is possible.
In fact, it has already happened:
It was a Trojan program inserted into SCADA system software that caused a massive natural gas explosion along the Trans-Siberian pipeline in 1982. A newspaper reported the resulting fireball yielded “the most monumental non-nuclear explosion and fire ever seen from space.” …
The 3-kiloton Trans-Siberian natural gas pipeline explosion … occurred during the Reagan administration. The event was initially acknowledged by a Russian general, and then subsequently denied by the Russian press, and kept secret within the CIA until 2004, when details were released upon publication of the Cold War memoirs of a retired insider. The events and methodology were explained and later presented in security testimony before the U.S. House of Representatives. — Pipeline and Gas Journal
The difference is that today almost every PC is connected to the Internet, and the delivery of the weaponized code is easier and does not require physical access to the target computer.
Cyber-weapons could be a ‘disruptive technology’ in warfare — a game-changer like the English longbow, the machine gun or the military aircraft. Nations that succeed in developing such weapons and the concomitant defensive technologies first will have a huge advantage in almost any conflict.
Importantly, the relative size of the combatants is irrelevant to their capabilities or vulnerabilities in this area. A small country could deter a much larger one with a credible threat of a cyber-attack.
Do I need to tell you what small country is a superpower in software and computer technology? I didn’t think so.
===================
